sint-ai · pshkv · May 29, 2026 · May 29, 2026
diff --git a/README.md b/README.md
@@ -212,6 +212,7 @@ Community/adoption assets:
 - [`docs/community/external-contributor-onboarding.md`](docs/community/external-contributor-onboarding.md)
 - [`docs/community/good-first-issues-board.md`](docs/community/good-first-issues-board.md)
 - [`docs/community/open-source-collaboration-replies.md`](docs/community/open-source-collaboration-replies.md)
+- [`docs/community/physical-ai-runtime-safety-working-group.md`](docs/community/physical-ai-runtime-safety-working-group.md)
 - [`docs/security-bulletins/2026-04.md`](docs/security-bulletins/2026-04.md)
 
 ### Run a Single Package
@@ -714,6 +715,8 @@ docker-compose up
 - ROS2 loop benchmark report: [`docs/reports/ros2-control-loop-benchmark.md`](docs/reports/ros2-control-loop-benchmark.md)
 - Hardware safety controller roadmap: [`docs/roadmaps/hardware-safety-controller-integration.md`](docs/roadmaps/hardware-safety-controller-integration.md)
 - Hardware safety handshake fixture: [`packages/conformance-tests/fixtures/industrial/hardware-safety-handshake.v1.json`](packages/conformance-tests/fixtures/industrial/hardware-safety-handshake.v1.json)
+- Physical AI runtime safety fixtures: [`packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixtures.v0.1.json`](packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixtures.v0.1.json)
+- Physical AI runtime safety fixture schema: [`packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixture.schema.json`](packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixture.schema.json)
 - Certification bundle summary: [`docs/reports/certification-bundle-summary.md`](docs/reports/certification-bundle-summary.md)
 - NIST submission playbook: [`docs/guides/nist-submission-playbook.md`](docs/guides/nist-submission-playbook.md)
 - NIST submission bundle report: [`docs/reports/nist-submission-bundle.md`](docs/reports/nist-submission-bundle.md)

@@ -85,6 +85,7 @@ export default defineConfig({
           { text: "Robotics Collaboration Outreach", link: "/community/robotics-collaboration-outreach-schedule" },
           { text: "Sunnybotics Collaboration Brief", link: "/community/sunnybotics-collaboration-brief" },
           { text: "Sunnybotics Outreach Drafts", link: "/community/sunnybotics-outreach-drafts" },
+          { text: "Physical AI Runtime Safety WG", link: "/community/physical-ai-runtime-safety-working-group" },
           { text: "Lovable Site Refresh Prompt", link: "/community/lovable-sint-gg-refresh-prompt" },
           { text: "Website Sync Checklist", link: "/community/website-sync-checklist" },
           { text: "Good First Issues Board", link: "/community/good-first-issues-board" },

@@ -0,0 +1,68 @@
+# Physical AI Runtime Safety Working Group
+
+Status: v0.1 fixture review packet
+
+## Goal
+
+Coordinate a small, cross-project fixture set for the safety boundary between AI agents and physical systems.
+
+This is intentionally narrow. The first milestone is agreement on runnable fixtures, not a new broad standard.
+
+## What We Are Asking Reviewers To Check
+
+- Does the fixture describe pre-action authorization before actuation?
+- Does the fixture make transport bypass behavior explicit?
+- Does e-stop/rollback evidence have the fields a safety reviewer needs?
+- Can your project translate the cases without adopting SINT internals?
+
+## Canonical v0.1 Files
+
+- Fixture schema: `packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixture.schema.json`
+- Fixture cases: `packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixtures.v0.1.json`
+- Reference runner: `packages/conformance-tests/src/physical-ai-runtime-safety-fixtures-conformance.test.ts`
+- Fixture README: `packages/conformance-tests/fixtures/physical-ai/README.md`
+
+## Run The Reference Runner
+
+```bash
+pnpm --filter @pshkv/conformance-tests test:physical-ai-runtime
+```
+
+## v0.1 Case Set
+
+- `ros2_cmd_vel_authorized_escalates`
+- `ros2_cmd_vel_denied_by_scope`
+- `ros2_cmd_vel_escalates_human_present`
+- `sros2_bypass_publish_fails`
+- `estop_always_rolls_back`
+- `receipt_verifies_policy_decision`
+
+## Suggested GitHub Reply For Review Invitations
+
+```text
+We are starting a small Physical AI Runtime Safety fixture review around the boundary between AI agents and physical systems.
+
+The goal is not to push SINT adoption. We want a protocol-neutral fixture shape that ROS2/SROS2, robotics simulators, agent runtimes, and safety gateways can all translate.
+
+The v0.1 pack covers: pre-action authorization, transport non-bypass, e-stop rollback, and evidence receipts. Would you be open to reviewing whether these cases map cleanly to your project?
+
+Fixture docs:
+https://github.com/sint-ai/sint-protocol/tree/main/packages/conformance-tests/fixtures/physical-ai
+```
+
+## Candidate Reviewers
+
+- ROS2/SROS2 security maintainers
+- Open-RMF and ROS2 navigation/fleet workflow projects
+- MCP/agent security gateway maintainers
+- Agent identity and delegated authority projects
+- Robotics simulation and lab teams validating physical AI actions
+
+## Success Criterion
+
+The v0.1 milestone is successful when two independent implementations can agree on:
+
+- the expected decision (`allow`, `deny`, `escalate`, `rollback`)
+- the expected transport outcome
+- the evidence fields that prove the boundary was checked
+- the claims that cannot be inferred from the evidence alone
@@ -44,6 +44,7 @@ features:
 - Discord launch kit: [Community/Discord Launch Kit](./community/discord-launch-kit.md)
 - Good-first-issues board: [Community/Starter Board](./community/good-first-issues-board.md)
 - Collaboration reply playbook: [Community/Replies](./community/open-source-collaboration-replies.md)
+- Physical AI runtime safety working group: [Community/Working Group](./community/physical-ai-runtime-safety-working-group.md)
 - EU AI Act mapping: [Compliance/EU AI Act](./compliance/eu-ai-act-mapping.md)
 - ISO 13482 alignment: [Compliance/ISO 13482](./compliance/iso-13482-alignment.md)
 - Formal threat model: [Security/Formal Threat Model](./security/formal-threat-model.md)

diff --git a/packages/conformance-tests/fixtures/physical-ai/README.md b/packages/conformance-tests/fixtures/physical-ai/README.md
@@ -28,3 +28,23 @@ SINT provides one reference runner, but other implementations can translate the
 same cases into their own gateway, transport, or simulator. The important
 interop question is whether independent systems agree on the expected decision,
 transport outcome, and evidence contract.
+
+## Files
+
+- `runtime-safety-fixture.schema.json` defines the v0.1 fixture shape.
+- `runtime-safety-fixtures.v0.1.json` is the canonical ROS2/SROS2 starter pack.
+
+## Run The Reference Checks
+
+```bash
+pnpm --filter @pshkv/conformance-tests test:physical-ai-runtime
+```
+
+## Review Targets
+
+The first working-group review should answer four questions:
+
+1. Can another runtime express the same pre-actuation authorization boundary?
+2. Can another transport express the same non-bypass outcome?
+3. Can another safety controller express rollback/e-stop evidence?
+4. Can another evidence format bind `action_ref` and `delegation_ref` without leaking private authority metadata?
diff --git a/packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixture.schema.json b/packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixture.schema.json
@@ -0,0 +1,184 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://schemas.sint.ai/physical-ai/runtime-safety-fixture.v0.1.schema.json",
+  "title": "Physical AI Runtime Safety Fixture v0.1",
+  "type": "object",
+  "required": ["fixtureId", "schemaVersion", "description", "profile", "defaultToken", "cases"],
+  "additionalProperties": false,
+  "properties": {
+    "fixtureId": { "type": "string", "const": "physical-ai-runtime-safety-v0.1" },
+    "schemaVersion": { "type": "string", "const": "0.1.0" },
+    "description": { "type": "string", "minLength": 1 },
+    "profile": {
+      "type": "object",
+      "required": ["transport", "actionBoundary", "decisionVocabulary", "transportOutcomes", "evidenceRequirements"],
+      "additionalProperties": false,
+      "properties": {
+        "transport": { "type": "string", "enum": ["ros2/sros2"] },
+        "actionBoundary": { "type": "string", "enum": ["pre-actuation"] },
+        "decisionVocabulary": {
+          "type": "array",
+          "items": { "type": "string", "enum": ["allow", "deny", "escalate", "rollback"] },
+          "minItems": 4,
+          "uniqueItems": true
+        },
+        "transportOutcomes": {
+          "type": "array",
+          "items": {
+            "type": "string",
+            "enum": [
+              "forwarded",
+              "held_for_review",
+              "publish_rejected",
+              "discovery_rejected",
+              "execution_rolled_back"
+            ]
+          },
+          "minItems": 5,
+          "uniqueItems": true
+        },
+        "evidenceRequirements": {
+          "type": "object",
+          "required": [
+            "decisionRefRequired",
+            "actionIntentRefRequired",
+            "hashChainRequired",
+            "receiptRequiredForNegativeOutcomes",
+            "authorityPointer",
+            "actionPointer"
+          ],
+          "additionalProperties": false,
+          "properties": {
+            "decisionRefRequired": { "type": "boolean", "const": true },
+            "actionIntentRefRequired": { "type": "boolean", "const": true },
+            "hashChainRequired": { "type": "boolean", "const": true },
+            "receiptRequiredForNegativeOutcomes": { "type": "boolean", "const": true },
+            "authorityPointer": {
+              "type": "object",
+              "required": ["field", "form", "nullable"],
+              "additionalProperties": false,
+              "properties": {
+                "field": { "type": "string", "const": "delegation_ref" },
+                "form": { "type": "string", "const": "opaque_content_addressed" },
+                "nullable": { "type": "boolean" }
+              }
+            },
+            "actionPointer": {
+              "type": "object",
+              "required": ["field", "form"],
+              "additionalProperties": false,
+              "properties": {
+                "field": { "type": "string", "const": "action_ref" },
+                "form": { "type": "string", "const": "deterministic_public_derivation" }
+              }
+            }
+          }
+        }
+      }
+    },
+    "defaultToken": { "$ref": "#/$defs/token" },
+    "cases": {
+      "type": "array",
+      "minItems": 6,
+      "items": {
+        "type": "object",
+        "required": ["id", "name", "description", "expected"],
+        "additionalProperties": false,
+        "properties": {
+          "id": { "type": "string", "minLength": 1 },
+          "name": { "type": "string", "minLength": 1 },
+          "description": { "type": "string", "minLength": 1 },
+          "tokenOverride": { "$ref": "#/$defs/token" },
+          "request": { "$ref": "#/$defs/request" },
+          "transportCheck": { "$ref": "#/$defs/transportCheck" },
+          "expected": {
+            "type": "object",
+            "required": ["decisionAction", "transportOutcome"],
+            "additionalProperties": true,
+            "properties": {
+              "decisionAction": { "type": "string", "enum": ["allow", "deny", "escalate", "rollback"] },
+              "assignedTier": { "type": "string", "enum": ["T0_observe", "T1_prepare", "T2_act", "T3_commit"] },
+              "policyViolated": { "type": "string" },
+              "transportOutcome": {
+                "type": "string",
+                "enum": [
+                  "forwarded",
+                  "held_for_review",
+                  "publish_rejected",
+                  "discovery_rejected",
+                  "execution_rolled_back"
+                ]
+              },
+              "transportDecision": { "type": "string", "enum": ["allow", "deny", "not-covered"] },
+              "evidenceEventType": { "type": "string" },
+              "evidence": { "type": "object" }
+            }
+          }
+        }
+      }
+    }
+  },
+  "$defs": {
+    "token": {
+      "type": "object",
+      "required": ["resource", "actions"],
+      "additionalProperties": false,
+      "properties": {
+        "resource": { "type": "string" },
+        "actions": { "type": "array", "items": { "type": "string" }, "minItems": 1 },
+        "constraints": {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "maxVelocityMps": { "type": "number", "minimum": 0 },
+            "maxForceNewtons": { "type": "number", "minimum": 0 }
+          }
+        }
+      }
+    },
+    "request": {
+      "type": "object",
+      "required": ["resource", "action"],
+      "additionalProperties": true,
+      "properties": {
+        "resource": { "type": "string" },
+        "action": { "type": "string" },
+        "params": { "type": "object" },
+        "physicalContext": { "type": "object" },
+        "recentActions": { "type": "array", "items": { "type": "string" } },
+        "executionContext": { "type": "object" }
+      }
+    },
+    "transportCheck": {
+      "type": "object",
+      "required": ["enclave", "topicName", "operation"],
+      "additionalProperties": false,
+      "properties": {
+        "enclave": {
+          "type": "object",
+          "required": [
+            "enclavePath",
+            "domainId",
+            "allowPublish",
+            "allowSubscribe",
+            "denyPublish",
+            "denySubscribe",
+            "governanceEnforced"
+          ],
+          "additionalProperties": false,
+          "properties": {
+            "enclavePath": { "type": "string" },
+            "domainId": { "type": "integer" },
+            "allowPublish": { "type": "array", "items": { "type": "string" } },
+            "allowSubscribe": { "type": "array", "items": { "type": "string" } },
+            "denyPublish": { "type": "array", "items": { "type": "string" } },
+            "denySubscribe": { "type": "array", "items": { "type": "string" } },
+            "governanceEnforced": { "type": "boolean" }
+          }
+        },
+        "topicName": { "type": "string" },
+        "operation": { "type": "string", "enum": ["publish", "subscribe"] }
+      }
+    }
+  }
+}
diff --git a/packages/conformance-tests/package.json b/packages/conformance-tests/package.json
@@ -8,6 +8,7 @@
     "test": "vitest run",
     "test:watch": "vitest watch",
     "test:fixtures": "vitest run src/canonical-fixtures-conformance.test.ts src/a2a-fixtures-conformance.test.ts src/security-iot-fixtures-conformance.test.ts src/economy-fixtures-conformance.test.ts src/autogen-interop-conformance.test.ts src/agentskill-authz-fixtures-conformance.test.ts src/action-ref-explainability-conformance.test.ts src/payment-governance-fixtures-conformance.test.ts src/physical-ai-runtime-safety-fixtures-conformance.test.ts src/post-quantum-crypto-agility-conformance.test.ts src/humanoid-profile-conformance.test.ts src/humanoid-warehouse-pilot-conformance.test.ts src/eu-ai-act-conformity-pack-conformance.test.ts src/humanoid-multivendor-fleet-conformance.test.ts src/open-rmf-handoff-policy-receipts-conformance.test.ts src/moveit-manipulation-policy-receipts-conformance.test.ts src/nav2-navigation-policy-receipts-conformance.test.ts src/px4-offboard-policy-receipts-conformance.test.ts src/lerobot-policy-actuation-receipts-conformance.test.ts src/solar-field-operations-policy-receipts-conformance.test.ts src/industrial-cell-safety-pack-conformance.test.ts src/factory-action-demo-conformance.test.ts src/sint-industrial-pack-conformance.test.ts src/regulated-consent-extensions-conformance.test.ts src/autonomy-supervisor-conformance.test.ts",
+    "test:physical-ai-runtime": "vitest run src/physical-ai-runtime-safety-fixtures-conformance.test.ts",
     "test:factory-action": "vitest run src/factory-action-demo-conformance.test.ts",
     "test:ros2-loop": "vitest run src/ros2-control-loop-latency.test.ts"
   },

diff --git a/packages/conformance-tests/src/physical-ai-runtime-safety-fixtures-conformance.test.ts b/packages/conformance-tests/src/physical-ai-runtime-safety-fixtures-conformance.test.ts
@@ -6,6 +6,9 @@
  */
 
 import { beforeEach, describe, expect, it } from "vitest";
+import { existsSync } from "node:fs";
+import { dirname, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
 import type {
   SintCapabilityToken,
   SintCapabilityTokenRequest,
@@ -22,6 +25,11 @@ import { PolicyGateway } from "@pshkv/gate-policy-gateway";
 import { checkSros2Permission } from "@pshkv/bridge-ros2";
 import { loadPhysicalAiRuntimeSafetyFixture } from "./fixture-loader.js";
 
+const FIXTURE_ROOT = resolve(
+  dirname(fileURLToPath(import.meta.url)),
+  "../fixtures/physical-ai",
+);
+
 function futureISO(hoursFromNow: number): string {
   const d = new Date(Date.now() + hoursFromNow * 3_600_000);
   return d.toISOString().replace(/\.(\d{3})Z$/, ".$1000Z");
@@ -88,6 +96,9 @@ describe("Physical AI runtime safety fixtures v0.1", () => {
   });
 
   it("declares a stable physical-AI interoperability profile", () => {
+    expect(existsSync(resolve(FIXTURE_ROOT, "runtime-safety-fixture.schema.json"))).toBe(true);
+    expect(existsSync(resolve(FIXTURE_ROOT, "runtime-safety-fixtures.v0.1.json"))).toBe(true);
+
     expect(fixture.fixtureId).toBe("physical-ai-runtime-safety-v0.1");
     expect(fixture.profile.transport).toBe("ros2/sros2");
     expect(fixture.profile.actionBoundary).toBe("pre-actuation");